Before this week, CrowdStrike was known for finding the cause of problems. The company – headquartered in Texas but with a reach across the world – was most famous for having investigated large-scale hacks, such as those on Sony Pictures and a run of breaches at the Democratic National Committee that it blamed on Russian spies.
It has built a huge business out of that and other work. It was worth $80 billion when trading on the Nasdaq closed on Thursday – though its share price has since fallen by 20 per cent – and reported revenues of $3 billion in the last year.
CrowdStrike was founded in 2011 – by a team that included George Kurtz, the CEO who has been representing the company as it recovers from the problems – and immediately caught the interest of investors. The year after, it launched with a $26 million investment round, and it has gathered more investment since.
Over the years, it has taken funding from companies including Google and many of Silicon Valley’s biggest venture capital firms. In June 2019, it listed on the Nasdaq, finishing its first day of trading at a valuation of $11 billion despite making a loss.
Since then, its stock market performance has only continued. Benefiting from a general interest in cyber security stocks, it has surged recently, gaining 118 per cent in the last year.
CrowdStrike has now become one of the most highly valued and widely used cyber security companies. But as with many of its competitors, it is known primarily to IT professionals and investors – until the chaos of the outage on Friday, perhaps the most prominent place that CrowdStrike appears is its sponsorship of the “halo” that protects Lewis Hamilton in the event of a crash during Formula One races.
After this week, however, it may forever be known as the company linked to what might be the “largest IT outage in history”, according to one cyber security expert. The fallout from a bug seemingly caused by an update it released is “unprecedented” in its scale, said another, and has taken down everything from banks to airlines and hospitals.
On Friday, as the problems began, it was not initially clear what had caused them. But it was clear that there was a big issue: computers across the world, relied on for some of our most central infrastructure, would not turn on properly and instead showed the “blue screen of death” that indicates something drastic has gone wrong.
Over the morning, however, it became clear that the problem appeared to be linked to CrowdStrike, a huge if largely anonymous cyber security company. Specifically, all of the computers suffering issues had been running its “Falcon” software, a product that is intended to keep computers safe.
Falcon provides EDR, or endpoint detection and response, technology that spots attacks on users. It is intended to keep computers safe by running on them so that it can spot threats and block them.
To do so, however, it requires two very powerful things. Firstly, it must be updated regularly, so that it is ready to respond to new threats as they arrive; secondly, it needs wide-ranging and “privileged” access to a device, so that its protection can run even in the most central and sensitive parts of the computer.
Those two things appear to be behind CrowdStrike and the world’s problems on Friday. A new update brought with it a “defect”, the company has said – and because the software has such wide-ranging access, that single update was enough to practically destroy the computer.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” wrote George Kurtz, CrowdStrike’s president and chief executive.
“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.
“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels.
“Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”